It’s like one of those nightmares where you keep trying to type in a password and it doesn’t work. Except in this case, it’s real life, and a man has been in jail for seven months – without being charged – for forgetting an encryption passcode.

I don’t know about you, but I’ve been known to forget a password over a long weekend, let alone five months.

Consequently, for the last seven months, Rawls has been in jail for contempt of court for refusing the judge’s order, though he hasn’t been charged with a crime. His attorney is claiming that having to provide the passcode violates his right to self-incrimination.

Back story

Courts have been deciding back and forth on the issue for several years now and, most recently, have decided that a phone password is more like the combination to a safe than a physical object such as a key. It matters because something that is the expression of one’s mind, like the combination to a safe, is protected under your Fifth Amendment rights not to incriminate yourself. A physical key, something you possess, is something you can be forced to produce.

The Fifth Amendment angle is, in fact, why police wanted Rawls to type in the passcodes himself rather than tell someone else what they were – because it was thought that the latter would amount to testifying against himself, writes Christine Hauser in the New York Times.

“Quite sensibly, Rawls refused,” writes William Grigg in this website Personal Liberty. “He is a veteran cop and knows – better than the public he supposedly served in that capacity – what happens when a targeted citizen offers the police unrestricted access to his home and personal effects. If he had acceded to the demand for his encryption codes, Rawls would have done the equivalent of allowing the police to rummage through every room, closet, and drawer in his home, while letting them inspect all of his correspondence, medical records, and personal finances. Diligent and motivated investigators would eventually find something that an ambitious prosecutor could use to manufacture a felony charge.”

The government is claiming it wouldn’t be self-incrimination because it knows there’s child pornography on the hard drives. “If the government already knows there’s child pornography on Rawls’s hard drives, then it’s not self-incrimination for Rawls to give his passwords,” explains Travis Andrews in the Washington Post. “Think of it like a search warrant: if an officer of the law is granted a search warrant to someone’s house, then that suspected party has no recourse but to allow the officer enter his house. Much like that hypothetical person wouldn’t be able to lock the door, Judge Rueter ruled that Rawls can’t refuse to provide the passwords.”

On the other hand…

Needless to say, Rawls’ defense attorney takes issue with this belief. “The government has not, as required by the relevant decryption precedents, demonstrated that the storage of any particular file or files on the hard drives is a foregone conclusion,” notes the brief. “Instead, it put forward only a suspect witness who gave attenuated testimony and a forensic examiner who was unable to offer any authoritative opinion regarding the contents of the hard drives.”

Nor does his attorney agree with the dodge of having Rawls type in the passcodes rather than provide them to someone else. “The fact that the government seeks to have the codes entered into a forensic interface rather than spoken aloud does not change the analysis,” notes the brief. “It still demands that Mr. Doe divulge the contents of his mind, not demonstrate his typing skill.”

Was it a ruse?

The fact that Rawls did willingly decrypt the phone, and did attempt to enter a passcode for the hard drives, is being called a “ruse” by prosecutors. The government “contended that Mr. Doe’s unlocking of the iPhone 6 and entry of passcodes for the hard drives ‘was a deliberate façade designed to feign compliance with the Court,’” writes Rawls’ defense attorney. How it would have looked different if he honestly did want to cooperate and honestly did forget the passcode, nobody seems to have said.

This isn’t the first time that someone has been jailed for contempt for refusing to provide a passcode for an encrypted drive – several people in the U.K. have been jailed for refusing to provide an encryption passcode — but it may be the first time in the U.S.

It’s also not the first time someone has refused to provide the passcode to decrypt their hard drive; Jeffrey Feldman, who was also accused of having child pornography, refused to provide a passcode, and several judges ruled several different ways on whether he had to provide it. In that case, however, investigators learned enough details about what was on the drives on their own that they dropped the attempt to have him decrypt them.

Solitary

To make matters worse for Rawls, because he is a police officer – that is, former police officer; he was fired, after 17 years on the force, after he was jailed – he was put into solitary confinement to protect him from the other inmates. So not only has he been in jail seven months; he’s been in solitary confinement for seven months.

“He spends 22 and a half hours of every day completely alone,” writes Andrews. “If someone visits him, they have to remain behind a barrier. Each month, he’s granted one fifteen-minute phone call.”

On the other hand, Rawls has a long way to go to set any sort of record for longest jail time, without a charge, for contempt. H. Beatty Chadwick was released in 2009 after serving 14 years for contempt after saying he had lost $2.75 million and could not split it with his former wife. He pointed out that he would have served less time if he had been convicted of third-degree murder.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy

It is not unheard of to forget a password. That is why some sites offer a path to reset a password to gain access to an account. Can the court prove that he still knows the password and is deliberately withholding it?

This is a scary aspect of technology/security and the reality of lack of knowledge among those in positions of power. I feel for the man if he truly forgot his password. If he didn't, well, that's another story. We live and work in a world where people say "Don't write down your passwords!" but when you see something like this, it certainly makes you want to go against best practice in order to protect yourself.

It's pretty hard to prove a negative. Reminds me of the time someone with my name had been a bad girl with her credit cards, and the company came after me, and when I said it wasn't me, demanded I prove it. Uh, how? Similarly, how can you *prove* you forgot something?

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy